1. General information

The privacy policy applies to users who visit the ApplePoint website, contact ApplePoint via form, telephone, email or social media, use the shipping form, make purchases in the online store, and use service and repair services.

2. Personal data administrator

The personal data administrator is:

ApplePoint Mikołaj Stańczak
conducting business activity under the name: ApplePoint
address: Juliusza 2 apt. 7, 98-220 Zduńska Wola
Tax Identification Number: 8291759230
e-mail: serviceapplepoint@gmail.com
tel.: +48 518 900 318

In matters concerning personal data, you can contact the Administrator:

• by email: serviceapplepoint@gmail.com
• by phone: +48 518 900 318
• in writing: Juliusza 2 apt. 7, 98-220 Zduńska Wola

3. Scope and sources of processed data

The Administrator may process personal data provided by the user voluntarily, in particular:

• name and surname,
• phone number,
• email address,
• home address or delivery address,
• invoice details,
• Tax Identification Number,
• data regarding the device submitted for repair or valuation,
• data contained in the content of the message, contact form, shipping form or service request,
• data regarding orders, payments, complaints and after-sales correspondence.

The Administrator may also process data collected automatically when using the website, such as:

• IP address,
• approximate location,
• device type,
• operating system,
• browser type,
• source of entry to the website,
• user activity on the website,
• data saved in cookies.

4. Purposes, legal basis and data processing period

a) Contacting the user and handling queries

The data provided in the contact form, e-mail, private message or during a telephone conversation are processed for the purpose of responding, preparing a quote, presenting an offer or conducting further contact.

Legal basis: Article 6(1)(b) of the GDPR – taking action before concluding a contract or Article 6(1)(f) of the GDPR – the Controller’s legitimate interest in handling correspondence and communication with the user.

Processing period: for the time necessary to process the inquiry, and then for the period needed to defend against any claims or pursue claims.

b) Provision of service and repair services

User data is processed for the purpose of accepting the device for diagnosis, valuation, repair, contact regarding the service, collection of the device, settlement of the service and handling complaints.

Legal basis: Article 6(1)(b) of the GDPR – performance of the contract, Article 6(1)(c) of the GDPR – legal obligations of the Controller, including tax and accounting obligations, and Article 6(1)(f) of the GDPR – defence against claims or pursuit of claims.

Processing period: for the duration of the service, and then for the period required by law and until the expiry of the limitation periods for claims.

c) Mail-in repair service and shipping form

The data provided in the shipping form is processed for the purpose of accepting the request, organizing and carrying out the mail-in repair, contacting the customer, determining the details of the service, returning the device and considering the complaint.

Legal basis: Article 6 paragraph 1 letter b of the GDPR – performance of a contract or actions prior to its conclusion, Article 6 paragraph 1 letter c of the GDPR – legal obligations, Article 6 paragraph 1 letter f of the GDPR – securing the Controller’s interests in the establishment, exercise or defence of claims.

Processing period: for the period necessary to complete the application and service, and then for the period resulting from legal provisions and limitation periods for claims.

d) Fulfillment of orders in the online store

When placing an order in the online store, data is processed for the purpose of accepting and fulfilling the order, preparing and shipping the goods, contacting you regarding the order, processing payments, issuing sales documents and handling complaints, returns and withdrawals from the contract.

Legal basis: Article 6 paragraph 1 letter b of the GDPR – performance of the sales contract, Article 6 paragraph 1 letter c of the GDPR – obligations arising from legal provisions, in particular tax and accounting provisions, Article 6 paragraph 1 letter f of the GDPR – establishment, pursuit or defence of claims.

Processing period: for the duration of the order execution, and then for the period required by law and until the expiry of the limitation periods for claims.

e) Issuing invoices and maintaining accounting records

Data are processed in order to fulfill obligations arising from tax and accounting regulations.

Legal basis: Article 6(1)(c) of the GDPR – legal obligation incumbent on the Controller.

Processing period: for the period required by applicable tax and accounting law.

f) Handling complaints, returns and withdrawals from the contract

Data may be processed for the purpose of handling complaints, returns, warranties, guarantees or withdrawal from the contract.

Legal basis: Article 6(1)(b) of the GDPR – performance of the contract, Article 6(1)(c) of the GDPR – legal obligations, Article 6(1)(f) of the GDPR – establishment, pursuit and defence of claims.

Processing period: for the period necessary to consider the case and for the limitation period for claims.

g) Marketing of own services and products

If the user consents or the Administrator acts within the limits permitted by law, the data may be used to inform about the Administrator's offers, promotions, news or services.

Legal basis: Article 6(1)(a) of the GDPR – consent or Article 6(1)(f) of the GDPR – legitimate interest of the Controller, provided that specific provisions allow it.

Processing period: until consent is withdrawn or an effective objection is raised.

h) Analytics, statistics, website security and website improvement

Data may be processed to analyse how the website is used, create statistics, improve the website's performance, ensure security and detect abuse.

Legal basis: Article 6(1)(f) of the GDPR – legitimate interest of the Controller or Article 6(1)(a) of the GDPR – consent, if the given tools require prior consent of the user.

Processing period: for the period appropriate to a given tool or until an objection is raised or consent is withdrawn.

5. Is providing data voluntary?

Providing data is generally voluntary, but in many cases it may be necessary to:

• responding to an inquiry,
• preparing a quote,
• carrying out repairs,
• handling the shipping form,
• placing and fulfilling an order,
• issuing an invoice,
• shipment of goods,
• consideration of a complaint or refund.

Failure to provide the required data may prevent the implementation of the indicated activities.

6. Data recipients

Personal data may be transferred to entities used by the Administrator in conducting its business, in particular:

• hosting and IT infrastructure providers,
• providers of websites, plug-ins and technical systems,
• the operator of the WooCommerce online store and entities supporting its operation,
• electronic payment operators,
• banks and settlement operators,
• courier companies, carriers and logistics operators,
• providers of accounting, legal and advisory services,
• suppliers of analytical, marketing and statistical tools,
• providers of maps, opinion widgets and embedded content,
• entities authorized under the law.

Data is transferred only to the extent necessary to achieve a specific purpose.

7. Online store and WooCommerce

The website may have an online store based on the system WooCommerce, through which the user can place orders for the offered products.

In connection with the use of the store, the Administrator may process the data necessary to:

• creating a customer account, if such functionality is available,
• placing an order,
• payment processing,
• preparation and delivery of the shipment,
• issuing a sales document,
• handling complaints, returns and customer contact.

WooCommerce may technically store data related to your shopping cart, order history, transaction data, and user session. This data is processed only to the extent necessary for the proper operation of the store and order fulfillment.

8. Payments

In the case of online purchases or other settlements, data may be transferred to payment operators to enable the processing of transactions.

The scope of data transferred depends on the selected payment method and may include, among others:

• name and surname,
• email address,
• phone number,
• transaction amount,
• order details,
• billing address.

Detailed rules for data processing by payment operators are defined in their own privacy policies.

9. Delivery and courier companies

In order to process an order or repair by mail, user data may be transferred to courier companies, postal operators or logistics operators.

The scope of data may include:

• name and surname,
• delivery or pickup address,
• phone number,
• email address,
• shipment information.

This data is transferred solely for the purpose of delivering the shipment, handling returns or carrying out the logistics process.

10. Google Reviews, Maps, and External Tools

The website may use tools and services provided by third parties, in particular:

• Google Maps – to display maps and location data,
• Google Reviews / Google reviews widget – to present customer opinions,
• Trustindex or a similar tool – to embed reviews and widgets,
• Google or Meta analytical and advertising tools,
• content embedded from social networking sites.

Using these tools may involve transferring certain information to external providers, in particular IP address, device data, browser information, website activity and data stored in cookies.

The scope and principles of data processing by external suppliers result from their own regulations and privacy policies.

11. Social media

The Administrator may maintain profiles on social media, in particular on platforms such as Facebook, Instagram, TikTok, Google Business Profile or similar websites.

In the event of contact with the Controller via social media, user data may be processed for the purpose of responding to messages, conducting correspondence, handling inquiries, and for information and marketing activities.

Data processing within social media platforms also takes place in accordance with the rules of these platforms.

12. Cookies and similar technologies

The website uses cookies and similar technologies to ensure its proper operation, improve security, analyze traffic and – depending on settings – conduct marketing activities.

Cookies are small pieces of text information stored on the user's device.

The following types of cookies may be used on the website:

a) Necessary

They are necessary for the proper functioning of the website, store, forms, user sessions and basic technical functions.

b) Functional

They enable the user to remember selected settings and improve the convenience of using the website.

c) Analytical/statistical

They allow us to measure website traffic, analyze how the website is used and improve its performance.

d) Marketing

They can be used to tailor ads, measure campaign effectiveness and for remarketing activities.

The user can manage cookies using browser settings or – if an appropriate mechanism has been implemented – using the cookie consent banner.

Restricting the use of cookies may affect some functionalities of the website or store.

13. Analytics and advertising tools

The website may use analytical and marketing tools such as:

• Google Analytics,
• Google Ads,
• Meta Pixel,
• other similar statistical and advertising technologies.

These tools may collect information about user activity on the website and help the Administrator analyze traffic, measure campaign effectiveness, and improve the website's offering and operation.

If a tool requires user consent, it is only launched after the user has given it.

14. Transfer of data outside the European Economic Area

Due to the use of the services of certain technology providers, in particular providers of analytical systems, advertising systems, maps, opinion widgets or cloud services, personal data may be transferred outside the European Economic Area.

In such a case, the Controller shall make every effort to ensure that the data is transferred in accordance with the law and with appropriate safeguards, in particular on the basis of decisions confirming the appropriate level of protection, standard contractual clauses or other mechanisms provided for by the GDPR.

The User may obtain additional information about the security measures applied by contacting the Administrator.

15. Rights of the data subject

The data subject has the right to:

• access to data,
• rectification of data,
• deletion of data,
• processing restrictions,
• data transfer,
• object to data processing,
• withdraw consent at any time if processing is based on consent,
• lodging a complaint with the President of the Personal Data Protection Office.

Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

16. Automated decision-making and profiling

User data is generally not used to make decisions based solely on automated processing that would produce legal effects for the user or significantly affect him in a similar manner.

If advertising or analytical tools are used on the website, they may support activities involving the creation of audiences or the analysis of user behaviour for marketing purposes, but this does not lead to solely automated decisions being made regarding the user.

17. Data security

The Administrator uses appropriate technical and organizational measures to protect personal data against loss, destruction, unauthorized disclosure, access or other unlawful processing.

18. Links to external sites

The website may contain links to other websites or third-party services. The Administrator is not responsible for the data processing practices employed by these entities. It is recommended that you review their own privacy policies.

19. Changes to the privacy policy

The Administrator may update this Privacy Policy, in particular in the event of changes in legal regulations, technological changes, changes in the functionality of the website or the implementation of new tools, services or sales methods.

The current version of the Privacy Policy is published on the ApplePoint website.

20. Contact details